Really Simple SSL

Getting everything out of your security headers

When you have installed Really Simple SSL pro, you will get a bunch of new options. Users sometimes ask: “which headers should I enable, and why isn’t it all enabled by default?”. We’ll start auto enabling these as much as possible as of the next version, but this is not always possible. For example Content Security Policy is something that has to be configured cautiously. We have made this as easy as possible by handling the detection of possible issues automatically, but in the end you need to decide if a URL should be allowed or not.

In this security headers article we’ve discussed each header, and have given a “recommended” or “advanced” flag. If you’re not very experienced, you can still enable these without having to configure a lot of settings. Just enable the switch and you’re done!

  • X-Content-Type-Options
  • X-XSS-Protection
  • X-Frame-Options
  • Expect-CT, Certificate Transparency
  • No Referrer When Downgrade header


Related articles

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!

Integrate with Really Simple SSL

Really Simple SSL offers a Free SSL Certificate from Let’s Encrypt. Do you want to integrate with Really Simple SSL as a hosting provider? Let us know!

Choose the answer that most closely resembles your proposed integration. Additional information can be entered below.
After sending the form. The pop-up will close automatically.